CVE-2019-13416

Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the local cluster ignoring their roles on the remote cluster(s).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
floragunnCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
search-guardsearch_guard
𝑥
< 24.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/
https://docs.search-guard.com/6.x-25/changelog-searchguard-6-x-24_3
https://search-guard.com/cve-advisory/